# 使用443访问dashboard
mkdir -p /home/traefik/conf
mkdir -p /home/traefik/cert
touch /home/traefik/cert/fsgit-cc-acme.json
chmod 600 /home/traefik/cert/fsgit-cc-acme.json

traefik_domain="traefik.fsgit.cc"

# docker脚本
cat <<EOF | sudo tee /home/traefik/docker-compose.yml
version: "3.3"
services:
  traefik:
    image: "traefik"
    container_name: "traefik"
    network_mode: "host"
    restart: "unless-stopped"
    volumes:
      - "/home/traefik/:/etc/traefik/"
      - "/var/run/docker.sock:/var/run/docker.sock"
#    ports:  # host模式，不需要单独配
#      - "443:443"
#      - "80:80"
#      - "8080:8080"
    command:
      - "--log.level=ERROR"
      - "--accesslog=true"
      - "--api=true"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.address=:80"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=tcp://192.168.1.11:2377"
      - "--providers.docker.swarmMode=true"
      #- "--providers.docker.exposedbydefault=false" # 只暴露带有traefik.enable=true的容器
      - "--providers.file.directory=/etc/traefik/conf"
      - "--providers.file.watch=true"
#      - "--api.insecure=true"  # 使用file动态配置来设置，这里不用设置
#      - "--api.dashboard=true"  # 使用file动态配置来设置，这里不用设置
#      - "--certificatesResolvers.myresolver.acme.email=farseer@farseer.net"
#      - "--certificatesResolvers.myresolver.acme.storage=/etc/traefik/cert/fsgit-cc-acme.json"
#      - "--certificatesResolvers.myresolver.acme.tlsChallenge=true"
#      - "--certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web"
#      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
EOF

# dashboard
cat <<EOF | sudo tee /home/traefik/conf/slb-dashboard.yaml
http:
  routers:
    dashboard:
      service: dashboard@internal
      rule: "Host(\`${traefik_domain}\`)"
      entryPoints:
        - websecure
      tls:
        options: default
    api:
      service: api@internal
      rule: "Host(\`${traefik_domain}\`) && PathPrefix(\`/api\`)"
      entryPoints:
        - websecure
      tls:
        options: default
EOF

# stl证书
cat <<EOF | sudo tee /home/traefik/conf/fsgit-cc.yaml
tls:
  certificates:
    - certFile: "/etc/traefik/cert/fsgit-cc.crt"
      keyFile: "/etc/traefik/cert/fsgit-cc.key"
      stores:
        - default
EOF

cat <<EOF | sudo tee /home/traefik/cert/fsgit-cc.crt
-----BEGIN CERTIFICATE-----
MIIE4jCCA8qgAwIBAgISBOr+XDAQlxAErYI+rKJYepp5MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA5MTIwNDEyNTFaFw0yMzEyMTEwNDEyNTBaMBUxEzARBgNVBAMM
CiouZnNnaXQuY2MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtMKk5
fxOrProNSBncB80hwamg6N5nho619NuGbJOa75zcxzoL4JbJoou6Y4Ur/2+VE9oe
3/S3lKPgbIA4xTsCuj5Vi1hop+zgQndFVu67REzTSBOSv59ps4f3meh+KKD9xdlQ
mLDXH7yJLqom+G3e8VDNZPAreAc9oOKGZ/+RgJsgKr3YGnrdOfmq80TgT7+QghRn
0sutZE1fWTkZ3KHzHOawrWz4CKDmUXoo+i0cg9Cw35F8y2YI4V0vVgKVfLzjBJ/K
lU2VaVyhyCvzSreVC9PWJhTHU3LqPaEy0hKjm8j9bPP4CTq/T/CI0mEJRrAfzMIx
/YRwwSFRiQyEWx0lAgMBAAGjggINMIICCTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FK4xhlG6W23lbe3Ilq6n4mCaVwqlMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf
r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u
bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMBUG
A1UdEQQOMAyCCiouZnNnaXQuY2MwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEFBgor
BgEEAdZ5AgQCBIH2BIHzAPEAdwB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpX
o1LrUgAAAYqHzn/dAAAEAwBIMEYCIQCEmaFylXpCwLxBRMWzHYpOH06hu2l2/If9
8pB8ifyvbAIhAJ7n7G71XxKGH5/EbSXH2KbpDzAx9k8lo6ndzUYxLNI5AHYAtz77
JN+cTbp18jnFulj0bF38Qs96nzXEnh0JgSXttJkAAAGKh85/1AAABAMARzBFAiEA
xJNugultS0VdEkG17CQiH03TpmMRhEEs+igEzixbrE0CIH+h0kEtfQXAtE87Rh0G
/flRbRtRyMJhFUvnQoodtzP8MA0GCSqGSIb3DQEBCwUAA4IBAQBIJIH47v1Oq0/G
DWO9mxnHGuOnyx0Sa6am1UH+S7vY1UyhTO1+JRE9AmcFJ9L0K2AAB/QuRWL94QfX
Hirda9zkVsdKrcko4ZmNLCoM+ZIJYyCXpP4f29u+cADpu8PP+BDTcwt1Xp/VaMiR
wKd7hk9Qxv3PqLDR3h7XERrn7+52kgu/s/tYHB7ABwWqSC9/6r06ewoGecAPiiq7
OvMLQyonOzga+cTZgFqOf2oN5bZe1oGeIl5ZJk1MTzV2RGXgZwnyYLSDAKM7/Xfo
JYPPJjJLqAQtTov2wqWS2O4lL845FLPjfUsPqBriGwzuwo+45fYPspkANyfmDZ2Q
neqKRTQh
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
EOF

cat <<EOF | sudo tee /home/traefik/cert/fsgit-cc.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEArTCpOX8Tqz66DUgZ3AfNIcGpoOjeZ4aOtfTbhmyTmu+c3Mc6
C+CWyaKLumOFK/9vlRPaHt/0t5Sj4GyAOMU7Aro+VYtYaKfs4EJ3RVbuu0RM00gT
kr+fabOH95nofiig/cXZUJiw1x+8iS6qJvht3vFQzWTwK3gHPaDihmf/kYCbICq9
2Bp63Tn5qvNE4E+/kIIUZ9LLrWRNX1k5Gdyh8xzmsK1s+Aig5lF6KPotHIPQsN+R
fMtmCOFdL1YClXy84wSfypVNlWlcocgr80q3lQvT1iYUx1Ny6j2hMtISo5vI/Wzz
+Ak6v0/wiNJhCUawH8zCMf2EcMEhUYkMhFsdJQIDAQABAoIBAHryyZ/Mq+zs2e3l
2p3OV/z32/EkgAbkill4G4QBfoQGSMifEoEuDj3Ui/dlATxr2Q3vCvDSMotFFVWU
ES68LZlRGEFoa/nYBJxr8vohrdb5tMRlLagHKydB0WugMmGlfCzMEOtbimcd251T
qG2D/ZPAook9eBaT3igNF+Ms30yt4efRfGlLMuVH0pKFgOmPoj3gleflwZOKLNJH
A4Of1A0erP5V5Ya5wQSq4kPsglOqvr6MoLlFaU32RUrs4WL5K6ZSZwXMn+flrV/Q
VQahl6iA4ILUfnCahf1F5NzygT413le4v7UN8VqPJdVjzImD1WqQpQwRbUsib0Xg
4xVtIt0CgYEA120Rg8auaQNcpZU+l54PTfgN/xCzdEO9aWcp8vh5Ik7EvpUS/yPr
O23LfqSWz/PUl1HVAyNGJ8tlg/lcTBJq5rW+C8sOgliqFOKKD6BovSYyNP07uEWl
tb3fj2h4DUXeZB9Iyx8eh0af/t0kewquCcR8vMcgSkRlnjTRjN+2Yi8CgYEAzc8n
OUV7kEFk5HBXV6bdrpIMsbHClxAj05B0OGuesgW7sHUqrPiM4HP5MUbd6ZGToJFG
uTbOE1G6wZfoEgo+mGo+AOJneGJvf8wnJPlIkFF/Su/jVrp9yDkpReYyhgfhJUuI
yRFcztZzg6nPfE7O+b/H6PR7h6Ia7vxAa8WtxOsCgYEAt90IKN9nNou/BDg4HvGx
gEtprrwTXfT+8boyLITz5lsyQrM7bnW6rJNOLn3Nlhk25hva4X22v/oyX4xxwR+r
C9QsKyaY8Jk6OO8NBL9VBbNXALDtyp3vDAnNiDmS1Uk/wVaOK4cY6D5YCg+2tils
VzvTds/BeIGd9YSBIWpC4NMCgYAB1kyKVVVyBzNoWpxc+u9VpJYaa/TJtmordEml
S0iiXCy9uX4FBz7yrfZWe0R11kfUEhfohVW3lG4vVjTLHG5Mm/4rsdmsmGxYXrEm
wlbkeuXA/H0yA/4lcGUu64wd6CoZVCBHczE5424qibSBbo6oag7VxIDpyAenhHbq
v1v6uwKBgB0JcNqEMgLZDNtGdxuZNYIhmBcy99xxmb9hbiVle6b19YxeM2p5zIqv
xFE0sbyWK8OaOnVmjwvBM3+1AKGexaUSH5o7phFyb7MG5RWxSMCAhBT6/cGcegQR
yTv8D4EsjN3PXAAJknpkRR3idYiwFXzb4xqO8ebj/ZvJUVoCFTOd
-----END RSA PRIVATE KEY-----
EOF

cd /home/traefik/
docker-compose down -v
docker-compose up -d
docker logs traefik